ABSTRACT:

>From a web page of Microsoft we learn:

       In mid-March 2001, VeriSign, Inc., advised Microsoft that on January 29
       and 30, 2001, it issued two VeriSign Class 3 code-signing digital
       certificates to an individual who fraudulently claimed to be a
       Microsoft employee. The common name assigned to both certificates is
       "Microsoft Corporation". The ability to sign executable content using
       keys that purport to belong to Microsoft would clearly be advantageous
       to an attacker who wished to convince users to allow the content to
       run.

Note that VeriSign is one of the largest "Certifying Authorities" in the USA.

This lecture starts by surveying the importance of PKI, which relies on so
called "digital certificates". The aforementioned case illustrates that such
digital certificates may not be trusted. This may be due to insider
mismanagement or to the fact that the computers that generate these digital
certificates are vulnerable to hacking. Methods to deal with such insider's or
outsider's "attacks" are discussed and compared.  This leads to the more
general question on how to reliably communicate over a network with active
attackers. Solutions have been proposed for several decades. Recent progress
on how to achieve this adding privacy and authenticity is also
discussed. Finally the question of how these issue become more complex when
dealing with unknown networks, as they occur in ad-hoc networks is briefly
discussed.

SHORT BIO:

Yvo Desmedt received his Ph.D. (Summa cum Laude) from the University of
Leuven, Belgium (1984).  He is presently a professor at Florida State
University (Computer Science) and a visiting professor of Information Security
at Royal Holloway, University of London.  His interests include cryptography,
network security and computer security. He has authored more than 100 papers
in international conferences and journals. He was program chair of PKC (Public
Key Cryptography) 2003, the 2002 ACM Workshop on Scientific Aspects of Cyber
Terrorism and Crypto '94. He is an editor of the Journal of Computer Security,
and of Information Processing Letters and is a director of the International
Association for Cryptologic Research.  Yvo Desmedt is ranked as the 2nd most
prolific author (out of 1165 researchers) in Crypto/Eurocrypt.  He has given
invited lectures at several conferences and workshop in 5 different continents
and more than 100 invited lectures for industry and academia. He is a
recipient of the Society of Worldwide Inter-bank Funds Transfer (SWIFT) award.